Project

General

Profile

Actions
Copy link

Submit #2780

closed

[PATCH] Optionally allow IPv6 ND packets from non-neighbours

Added by gpr almost 10 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Networking
Target version:
-
Start date:
01/29/2015
Due date:
% Done:

100%

Estimated time:

Description

IPv6 code discards ND packets from non-neighbours, which is believed to be correct, but breaks ND on some configurations (VULTR ipv6 for example). Hence the patch, it makes this behaviour optional (via sysctl). Default is old behaviour (discard those packets), accepting such ND packets can be insecure.
Useful links:
https://www.freebsd.org/security/advisories/FreeBSD-SA-08:10.nd6.asc
https://www.mail-archive.com/misc@openbsd.org/msg119029.html

Obtained-from: FreeBSD

Files

rfc4861_no.patch (2.1 KB) rfc4861_no.patch gpr, 01/29/2015 08:33 AM
Actions
Copy link
 #1

Updated by dillon almost 10 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Ok, it defaults to off as is basically identical to what FreeBSD did so I've committed it.

-Matt

Actions
Copy link

Also available in: Atom PDF